Personal Data of 500 Million Facebook Users Leaked
Personally identifiable information belonging to around 500 million Facebook users has been leaked online. As reported by Business Insider, the user records appeared on an online hacking forum and were published for free.
A large portion of the 500 million users are US and UK citizens, with 32 million US users and 11 million users from the UK. There are over 100 affected countries in the leaked information.
The leaked data contains a number of sensitive, personally identifiable bits of information about Facebook users. Those include their phone numbers, platform IDs, their location and dates of birth, as well as full names and emails in some instances.
Security expert Alon Gal who is with cyber intelligence company Hudson Rock, commented on the leak and stated that the data is very likely to be abused by bad actors for both hacking attempts as well as believable social engineering attacks.
Facebook – Data Security Deja Vu
This data leak is not the first time Facebook has come under the spotlight for its data security policies.
Back in 2018 the company suffered another data leak where attackers abused a vulnerability to access the data of 50 million Facebook users. The vulnerability was active on the platform between mid-2017 and late 2018, giving bad actors plenty of time to do their dirty work.
In the aftermath of this most recent data leak, the website Have I Been Pwned?, which is commonly used to check if a user's personal data and passwords have been somehow compromised and leaked online, added new functionality allowing users to search their phone number and see if it was part of the massive data leak.
Biting Comments Directed at Facebook CEO
Some curious details about the leak include the fact that Facebook founder and CEO Mark Zuckerberg's phone was also among the leaked numbers. The leak also revealed that Zuckerberg was using Signal on his phone - a direct competitor to Facebook-owned WhatsApp.
Security researcher Dave Walker tweeted out a biting comment on the situation, stating that Mark Zuckerberg "respects his own privacy" and uses a chat application that "has end-to-end encryption and is not owned by Facebook".